Client Overview
In Identety, clients represent applications or services that can request tokens and access protected resources on behalf of users. Clients are a fundamental concept in the OAuth 2.0 and OpenID Connect (OIDC) protocols, which Identety implements.
Client Model
The client model in Identety includes the following properties:
- id: Unique identifier for the client (auto-generated)
- name: Human-readable name of the client application
- type: Type of the client (public, private, or m2m)
- clientId: Public identifier for the client
- clientSecret: Secret used for authentication (private and m2m clients only)
- redirectUris: Allowed redirect URIs for the client
- scopes: Scopes that the client is allowed to request
- accessTokenLifetime: Lifetime of access tokens issued to the client
- refreshTokenLifetime: Lifetime of refresh tokens issued to the client
Client Types
Identety supports three types of clients:
- Public clients: Used for applications where the client secret cannot be kept confidential, such as single-page web apps (SPA) or mobile apps. Public clients are identified by their clientId only.
- Private clients: Used for server-side applications that can securely store the clientSecret. Private clients are authenticated using both clientId and clientSecret.
- Machine-to-machine (m2m) clients: Used for server-to-server communication without user interaction. M2M clients are also authenticated using clientId and clientSecret.
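The following added example (not Identety's own code) shows how a server could apply the client model and the per-type authentication rules above to an incoming request. The function names, the error strings, the exact-match redirect check, the refusal of a secret sent by a public client, and skipping the redirect check for m2m clients are all assumptions made for illustration; the sample clients are constructed.

```python
import hmac
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Client:
    # Field names follow the client model listed on this page.
    clientId: str
    type: str  # "public", "private" or "m2m"
    clientSecret: Optional[str] = None
    redirectUris: List[str] = field(default_factory=list)
    scopes: List[str] = field(default_factory=list)


def authenticate_client(client: Client, presented_secret: Optional[str]) -> bool:
    """Public clients: clientId only. Private and m2m: clientId plus clientSecret."""
    if client.type == "public":
        # Assumption: a public client that sends a secret is misconfigured; refuse it.
        return presented_secret is None
    if client.type in ("private", "m2m"):
        if not client.clientSecret or presented_secret is None:
            return False
        # Constant-time comparison so timing does not leak how much of the secret matched.
        return hmac.compare_digest(client.clientSecret.encode(), presented_secret.encode())
    return False  # unknown type: fail closed


def check_request(client: Client, presented_secret: Optional[str],
                  redirect_uri: Optional[str], requested_scopes: List[str]) -> List[str]:
    """Return the reasons to reject the request; an empty list means it is acceptable."""
    errors = []
    if not authenticate_client(client, presented_secret):
        errors.append("invalid_client")
    # Assumption: m2m flows have no user redirect. For other types the URI must be
    # an exact string match against redirectUris (no prefix or wildcard matching).
    if client.type != "m2m" and redirect_uri not in client.redirectUris:
        errors.append("invalid_redirect_uri")
    extra = sorted(set(requested_scopes) - set(client.scopes))
    if extra:
        errors.append("invalid_scope:" + ",".join(extra))
    return errors


# Constructed sample clients, not real registrations.
SPA = Client("spa-demo", "public", None, ["https://app.example/callback"], ["openid", "profile"])
JOB = Client("job-demo", "m2m", "constructed-secret", [], ["reports:read"])

if __name__ == "__main__":
    print(check_request(SPA, None, "https://app.example/callback/extra", ["openid", "admin"]))
    print(check_request(JOB, "constructed-secret", None, ["reports:read"]))
```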
Why Clients are Needed
Clients play a crucial role in the OAuth and OIDC workflows:
- Access delegation: Clients allow users to grant limited access to their protected resources without sharing their credentials. This enables third-party applications to access APIs on behalf of users.
- Scope-based authorization: Clients specify the scopes they need, which represent permissions to access specific resources. This allows for fine-grained access control.
- Secure authentication: Client authentication ensures that only registered and authorized applications can request tokens and access protected resources.
- Token management: Clients are responsible for securely storing and managing the access and refresh tokens they receive from Identety.
By defining and managing clients, Identety provides a secure and flexible way to integrate third-party applications into your identity and access management system.